Hacking-related breaches leverage compromised passwords

May 13, 2021 // Ellen Neveux

Last Updated: June 11, 2021

Credentials remain one of the most sought-after pieces of information for hackers, and they are still proving effective in attacks. This isn’t new information; data breaches have been attributed to compromised passwords for years. But it should serve as a warning, because the trend has remained stagnant. How network credentials are managed directly reflects overall security. Secure credential management should always be in place for all users, whether they are internal employees or third-party vendors that need access. Luckily, there are ways to take proactive measures to protect your network from those trying to exploit it. Before we dive into how to defend your network from bad actors, let’s take a deeper look at the consequences of poor credential management.


How compromised passwords lead to data breaches

According to the Verizon 2021 Data Breach Investigations Report, credentials are the primary means by which a bad actor hacks into an organization, with 61 percent of breaches attributed to leveraged credentials. Passwords, especially passwords with privileged access to organizational systems and networks, are targets for hackers because a hacker can get so much information from a single source. To put it simply, privileged credentials open a lot of doors. When the keys to those doors are mismanaged, a hacker has the potential to access a wealth of information and use it for malicious purposes, like leveraging confidential information for ransom payouts.

And, unfortunately, many organizations inadvertently mismanage these targeted credentials by distributing the same access and privilege across the board to admins, employees, and third-party vendor reps.

Third-party vendors and credential management

There’s a common misconception that third-party vendor access can be treated the same as employee access. When this myth plays out as mismanaged credentials, it can have adverse consequences, especially considering that credentials permit access to all corners of a network. Neglecting secure access management creates particular vulnerabilities in the case of third-party vendors and their access rights.

When managing third-party remote access, the only way to ensure a vendor doesn’t compromise your network credentials is to never give them out. Remote support solutions should mask your network credentials and inject them for the vendor so they never have to see login information. This feature also helps prevent “leapfrogging”, or the process of a technician launching additional connections from within the initial target host. If the technician is never aware of the password, they are prevented from trying to log into other systems with the same account.
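The masking-and-injection arrangement described above can be sketched as follows. This is an added example, not SecureLink's code; the `CredentialBroker` class, the host and vendor names, and the `fake_login` stand-in are all hypothetical, and the stored secret is a constructed value.

```python
import secrets

class CredentialBroker:
    """Holds privileged credentials; a vendor only ever receives an opaque session id."""

    def __init__(self):
        self._vault = {}    # host -> (account, password), never returned to callers
        self._grants = {}   # vendor -> set of hosts approved for that vendor
        self.audit = []     # (vendor, host, outcome) for every connection attempt

    def store(self, host, account, password):
        self._vault[host] = (account, password)

    def grant(self, vendor, host):
        self._grants.setdefault(vendor, set()).add(host)

    def connect(self, vendor, host, login):
        """Log in to `host` on the vendor's behalf; `login` performs the real login."""
        if host not in self._grants.get(vendor, set()) or host not in self._vault:
            self.audit.append((vendor, host, "denied"))
            raise PermissionError(f"{vendor} is not approved for {host}")
        account, password = self._vault[host]
        login(host, account, password)    # injection happens on the broker side
        self.audit.append((vendor, host, "granted"))
        return secrets.token_urlsafe(16)  # opaque handle, unrelated to the password


def demo():
    """Constructed scenario: one privileged account reused on two hosts."""
    logins = []

    def fake_login(host, account, password):  # stand-in for a real remote login
        logins.append((host, account))

    broker = CredentialBroker()
    broker.store("hvac-01", "svc_admin", "constructed-secret")
    broker.store("db-01", "svc_admin", "constructed-secret")
    broker.grant("vendor-tech", "hvac-01")
    session = broker.connect("vendor-tech", "hvac-01", fake_login)
    try:
        broker.connect("vendor-tech", "db-01", fake_login)
        reached_second_host = True
    except PermissionError:
        reached_second_host = False
    return session, reached_second_host, logins, broker.audit
```

The vendor gets a working session on the approved host, but holds nothing that would let them log into the second host with the same account, and the denied attempt is left in the audit trail.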

Phishing and malware

One common way for hackers to compromise credentials is to use phishing. According to the same Verizon report, phishing activity was present in over one-third of data breaches. And due to that success, attackers seem to focus on more refined, targeted attacks (i.e. spearphishing) versus the mass broadcast general attacks.

Attackers are more likely than ever to establish a foothold on your network via phishing methods. Organizations can defend against this attack method by strengthening their endpoint defenses to stop malware when it tries to infect a system, and by securing higher-privilege credentials with technology.

Sharing and reusing passwords

Sharing passwords among colleagues, both on purpose and by accident, can inadvertently lead to your credentials being compromised. Sure, you might trust your coworker to access important accounts, but that doesn’t mean the password is safe.

The deeper issue of password habits is that far too many users continue to use outdated practices that place their security at risk (e.g. writing down a password on a sticky note or using easily guessed passwords). Keep in mind many people do not assume responsibility for having a weak or crackable password. One of the most alarming aspects is that many people aren’t even aware of how risky their password behaviors are. If they are aware, they accept the risks and simply take the easier, less secure route.

It doesn’t have to stay this way. There are proactive measures individuals and organizations can take to protect against shared passwords. Here are some password best practices for you to implement if you haven’t already:

  • Require strong passwords.
  • Implement two-factor or multi-factor authentication.
  • If breached, all passwords must be reset. Merely suggesting this as a plan of action leads many consumers to ignore the suggestion. It must be required as a protocol. 
  • Never have the same password for all accounts/logins. That way if one of your passwords is stolen or misused, the bad actor only has access to one platform instead of all. 
  • Practice what you preach. All password best practices should be used by internal and external employees.

How to prevent and mitigate data breaches due to compromised passwords

Privileged credentials open a lot of doors that shouldn’t be open to most people, especially external entities like third-party vendors. If these credentials are mismanaged, stolen, or abused, there could be dangerous consequences for the organization and the third party involved. 

If you want to reduce the risks associated with privileged credentials, start by taking back the keys to your network. Third parties can’t compromise passwords they don’t have. Ensure that both internal and external people who have access to your network are abiding by the password rules you have set, usually in adherence to different compliance standards or internal rules (e.g. resetting your password every 90 days, not repeating the same password, and including characters other than letters in your password).
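The three rules named above (90-day reset, no repeated password, a character other than letters) can be enforced in one place for employees and vendors alike. This is an added example, not code from the original page; the `Account` class is hypothetical, and storing history as salted PBKDF2 digests with this round count is an assumption of the sketch.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)   # reset interval taken from the rule above
PBKDF2_ROUNDS = 200_000        # assumed work factor for stored history digests


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self):
        self.history = []       # (salt, digest) pairs, newest last; no plaintext kept
        self.changed_at = None  # datetime of the last successful change

    def violations(self, candidate):
        """Return the list of rules the candidate password breaks."""
        problems = []
        if all(ch.isalpha() for ch in candidate):  # also true for an empty string
            problems.append("needs a character other than letters")
        for salt, digest in self.history:
            # Re-derive with each stored salt; compare in constant time.
            if hmac.compare_digest(_digest(candidate, salt), digest):
                problems.append("repeats a previous password")
                break
        return problems

    def set_password(self, candidate, now):
        problems = self.violations(candidate)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.history.append((salt, _digest(candidate, salt)))
        self.changed_at = now

    def must_reset(self, now):
        """True when no password is set or the current one is 90 days old."""
        return self.changed_at is None or now - self.changed_at >= MAX_AGE
```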

To learn more about how to protect yourself from data breaches tied to compromised credentials, even when granting third parties access to your network, download our vendor privileged access checklist that highlights exactly how you can ensure your vendors aren’t compromising your security.
